Windows Defender Compromised due to Microsoft Malware Protection Engine (MMPE) Flaw

Devesh Prabhu / April 7, 2018 / Google, Microsoft, Security, Windows

Microsoft released an Emergency Security Update (ESU) through Windows Update on April 3 to fix a vulnerability (CVE-2018-0986) in the Microsoft Malware Protection Engine (MMPE). It affects Microsoft Windows Defender MMPE v1.1.14600.4.

MMPE is a main component of Microsoft's antivirus and antispyware products. It is used for malware scanning, malware detection, and malware cleaning.


Windows Defender: Component Affected

  • Microsoft Endpoint Protection
  • Microsoft Forefront Endpoint Protection
  • Microsoft Security Essentials
  • Microsoft Windows Defender
  • Microsoft Windows Intune Endpoint Protection


Windows Defender: Status and Discovery

Microsoft has classified the Microsoft Malware Protection Engine flaw as "critical." This is the highest severity classification.

One of Google's security researchers discovered this flaw. It allows attackers to execute malicious code. Because the MMPE component runs with system privileges, an exploited bug grants attackers complete control of the affected system.

"To exploit this vulnerability, a specially crafted file must be scanned by an affected version of the Microsoft Malware Protection Engine."

-- Microsoft Advisory

Exploitation is just the start of the trouble. Attackers could place malicious code inside JavaScript files, email it as a file attachment, or send a booby-trapped file through an instant messaging client.

By default, MMPE automatically scans all incoming files, so the flaw can be exploited with no user interaction.

Windows Defender is on by default on Windows 10, so all Windows 10 systems are affected and require an update with immediate effect.


Windows Defender: Updates

Updates are being rolled out, and users should receive them within 48 hours. Microsoft delivers MMPE updates separately from OS updates. This is good news: Microsoft can silently deliver the required security patches, with no user interaction required.

Microsoft has fixed this flaw in MMPE v1.1.14600.4. Users should receive this update within 48 hours, unless system administrators or system owners have blocked the MMPE update through system policies, in which case they will not receive it.
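To confirm that an endpoint actually received the engine update, the installed engine version can be read with the Defender cmdlet `Get-MpComputerStatus`. The function below is an added example, not part of the original article; the name `Test-MmpeEngineVersion` and the state labels are hypothetical, and the fixed version is a required parameter to be taken from Microsoft's advisory.

```powershell
# Added example (not from the article). -FixedEngineVersion is deliberately
# mandatory: take the value from Microsoft's advisory for CVE-2018-0986.
function Test-MmpeEngineVersion {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [version] $FixedEngineVersion,
        [int] $MaxUpdateAgeHours = 48   # delivery window quoted in the article
    )

    $result = [ordered]@{
        ComputerName  = $env:COMPUTERNAME
        State         = $null
        EngineVersion = $null
        LastUpdated   = $null
    }

    try {
        $status = Get-MpComputerStatus -ErrorAction Stop
    } catch {
        # Cmdlet missing or Defender service not reachable on this host.
        $result.State = 'DefenderUnavailable'
        return [pscustomobject]$result
    }

    $result.EngineVersion = $status.AMEngineVersion
    $result.LastUpdated   = $status.AntivirusSignatureLastUpdated

    if (-not $status.AMServiceEnabled) {
        # Defender is disabled, for example replaced by a third-party product.
        $result.State = 'DefenderDisabled'
    } elseif ([version]$status.AMEngineVersion -ge $FixedEngineVersion) {
        $result.State = 'Patched'
    } else {
        # Engine is older than the fix. Assumption: the age of the last
        # definition update is used as a proxy for whether updates arrive at all.
        $age = [double]::PositiveInfinity
        if ($status.AntivirusSignatureLastUpdated) {
            $age = ((Get-Date) - $status.AntivirusSignatureLastUpdated).TotalHours
        }
        if ($age -gt $MaxUpdateAgeHours) {
            $result.State = 'OutdatedUpdatesStalled'   # check update-blocking policies
        } else {
            $result.State = 'OutdatedUpdatePending'
        }
    }
    [pscustomobject]$result
}
```

Hosts reporting `OutdatedUpdatesStalled` are the ones to check for policies that block MMPE updates.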

Google Project Zero’s Thomas Dullien discovered this vulnerability (CVE-2018-0986). This is the fourth case of an MMPE remote code execution bug being discovered. Google’s Project Zero team has discovered four bugs.


Windows Defender: Alternatives

Users running 3rd-party security solutions aren’t impacted. Users having Windows Defender disabled aren’t impacted.







